• Hi there

    I have a virtual host server (A server serving many sites). I have found that if I have WordFence installed on one WordPress website with “Enhanced Firewall” turned on, it effects other WordPress sites on the server that don’t have the plugin installed. The effect it has, is you can’t make any changes on the other websites.

    I’ve only experienced it sometimes.

    Regards
    Chris

Viewing 10 replies - 1 through 10 (of 10 total)
  • I want to be sure I understand your issue.
    When you talk about the Vhost server do you mean that sites are served in a directories like this.
    public_html/SiteA
    public_html/SiteA/SiteB
    public_html/SiteA/SiteC
    public_html/SiteA/SiteD
    and so on.

    If so, is SiteA the one with the working firewall? Sites B, C, and D are the ones affected by SiteA’s firewall. Is that right?

    Tim

    Thread Starter Chris Hatton

    (@ckhatton)

    Hi Tim

    Na, the directories are like this…
    public_html/SiteA
    public_html/SiteB
    public_html/SiteC
    public_html/SiteD

    “SiteA the one with the working firewall? Sites B, C, and D are the ones affected by SiteA’s firewall.” That is correct.

    Regards
    Chris

    Hi @ckhatton,

    Wordfence will generate or modify the .htaccess found in the document root.

    Is the .htaccess found in /public_html or only in /public_html/SiteA?

    Dave

    Thread Starter Chris Hatton

    (@ckhatton)

    Only in /public_html/SiteA.

    Looking at the WordFence ones, they look a little over engineered.

    One site with WordFence installed, has no WordFence lines in the .htaccess, which happens to be the website we have to switch off WordFence to edit other sites.

    Are any of this lines likely to affect other sites on the server…

    
    # Wordfence WAF
    <Files ".user.ini">
    <IfModule mod_authz_core.c>
    	Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
    	Order deny,allow
    	Deny from all
    </IfModule>
    </Files>
    
    # Wordfence WAF
    <IfModule mod_php7.c>
    	php_value auto_prepend_file '/var/www/html/websites/siteA/wordfence-waf.php'
    </IfModule>
    <Files ".user.ini">
    <IfModule mod_authz_core.c>
    	Require all denied
    </IfModule>
    <IfModule !mod_authz_core.c>
    	Order deny,allow
    	Deny from all
    </IfModule>
    </Files>
    
    # END Wordfence WAF
    

    Especially php_value auto_prepend_file '/var/www/html/websites/siteA/wordfence-waf.php'?

    Where’s .user.ini located?

    Thank you
    Chris

    php.ini or .user.ini (either can be used) should be in SiteA, SiteB, etc. Did you clone all these sites when setting them up?

    Tim

    Thread Starter Chris Hatton

    (@ckhatton)

    Na they are expanded straight from a wordpress.zip downloaded from the official WordPress site, at the time of setup.

    The website which happens to be the website we have to switch off WordFence to edit other sites, I will install WordFence fully and see if it fixes it.

    Thank you
    Chris

    Thread Starter Chris Hatton

    (@ckhatton)

    I’ve just realised that because it is an Apache2 server the files php.ini and user.ini aren’t used, only .htaccess, and hence why I couldn’t see them.

    • This reply was modified 5 years, 8 months ago by Chris Hatton.
    Thread Starter Chris Hatton

    (@ckhatton)

    Ar, this might be something. When I tried to uninstall enhanced protection I got this…

    
    Unable to Uninstall
    
    Extended Protection Mode has not been disabled. This may be because 'auto_prepend_file' is configured somewhere else or the value is still cached by PHP. Try Again
    

    Does that mean WordFence has added that line in the main php conf files, and why it might be affecting other websites?

    Thread Starter Chris Hatton

    (@ckhatton)

    Yep… It’s been listed 4 times in…

    $ etc > php > 7.0 > apache2 > php.ini

    The file is 7241 lines long!! ??

    I am going to clean up the file now and remove the ‘auto_prepend_file’ line.

    What worries me is, how does WordFence have write access to that file??

    • This reply was modified 5 years, 8 months ago by Chris Hatton.
    • This reply was modified 5 years, 8 months ago by Chris Hatton.
    Thread Starter Chris Hatton

    (@ckhatton)

    Any update on this?

    Chris

Viewing 10 replies - 1 through 10 (of 10 total)
  • The topic ‘Virtual Hosts’ is closed to new replies.